https://bugs.exim.org/show_bug.cgi?id=2909
Bug ID: 2909
Summary: Missing arguments in string_sprinf call
Product: Exim
Version: 4.96
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@wizmail.org
Reporter: landgraf@physik.uni-freiburg.de
CC: exim-dev@exim.org
The change "Symlink following for TLS creds files" from Aug 8,22 introduced a
string_sprintf call on line 159, a function that has the identical arguments as
sprintf. In the format "%.*s/%.*s", another four arguments are needed: an
integer for the width of the character string and a pointer to the character
buffer for each of the of the strings. While the integer arguments are provided
the pointers to the character buffers are missing.
This caused exim to crash with an SIGSEGV exception when the TLS credential
files are looked up whenever their filenames contain symbolic links.
To avoid the crash, line 159 in tls.c should be corrected with the following
code:
: string_sprintf("%.*s/%.*s", (int)(s - filename), filename, (int)len, buf);
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Bug ID: 2909
Summary: Missing arguments in string_sprinf call
Product: Exim
Version: 4.96
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@wizmail.org
Reporter: landgraf@physik.uni-freiburg.de
CC: exim-dev@exim.org
The change "Symlink following for TLS creds files" from Aug 8,22 introduced a
string_sprintf call on line 159, a function that has the identical arguments as
sprintf. In the format "%.*s/%.*s", another four arguments are needed: an
integer for the width of the character string and a pointer to the character
buffer for each of the of the strings. While the integer arguments are provided
the pointers to the character buffers are missing.
This caused exim to crash with an SIGSEGV exception when the TLS credential
files are looked up whenever their filenames contain symbolic links.
To avoid the crash, line 159 in tls.c should be corrected with the following
code:
: string_sprintf("%.*s/%.*s", (int)(s - filename), filename, (int)len, buf);
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##